diff --git a/demo-output.yaml b/demo-output.yaml
index bb6bff68..5cbee6f1 100644
--- a/demo-output.yaml
+++ b/demo-output.yaml
@@ -739,6 +739,19 @@
data: dependency
innerText: "\n junit\n junit\n 4.11\n test\n "
matchingXML: junitjunit4.11test
+ xml-test-key-match:
+ description: Test code snippets when match is a key of a XML node
+ category: potential
+ incidents:
+ - uri: file:///analyzer-lsp/examples/java/beans.xml
+ message: The code snippet should point to in the beans.xml file
+ codeSnip: " 8 *\n 9 * http://www.apache.org/licenses/LICENSE-2.0\n10 *\n11 * Unless required by applicable law or agreed to in writing, software\n12 * distributed under the License is distributed on an \"AS IS\" BASIS,\n13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n14 * See the License for the specific language governing permissions and\n15 * limitations under the License.\n16 -->\n17 \n22 \n"
+ lineNumber: 17
+ variables:
+ data: beans
+ innerText: |2+
+
+ matchingXML: ""
errors:
error-rule-001: |-
unable to get query info: yaml: unmarshal errors:
diff --git a/examples/java/beans.xml b/examples/java/beans.xml
new file mode 100644
index 00000000..94b96809
--- /dev/null
+++ b/examples/java/beans.xml
@@ -0,0 +1,22 @@
+
+
+
+
\ No newline at end of file
diff --git a/provider/internal/builtin/service_client.go b/provider/internal/builtin/service_client.go
index 0e568f26..64eeaa65 100644
--- a/provider/internal/builtin/service_client.go
+++ b/provider/internal/builtin/service_client.go
@@ -173,7 +173,11 @@ func (p *builtinServiceClient) Evaluate(ctx context.Context, cap string, conditi
"data": node.Data,
},
}
- location, err := p.getLocation(ctx, ab, node.InnerText())
+ content := strings.TrimSpace(node.InnerText())
+ if content == "" {
+ content = node.Data
+ }
+ location, err := p.getLocation(ctx, ab, content)
if err == nil {
incident.CodeLocation = &location
lineNo := int(location.StartPosition.Line)
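Review bot: The fallback in the new `if content == "" { content = node.Data }` lines passes the bare element name to getLocation, and the demo-output hunk in this same commit records the beans match at lineNumber 17 with a snippet made of the license header, which suggests the search can land away from the element itself. getLocation's body is not in the hunk, but if it is a substring search, anchoring on the opening tag with `content = "<" + node.Data` would make the fallback land on the element; at minimum the branch deserves a comment, `// Empty or self-closing elements have no inner text; fall back to the tag name so getLocation still has a search string.`. Note also that `strings.TrimSpace` now applies to every node, not only empty ones, so the search string changes for any innerText with leading or trailing whitespace (the demo output already shows such values). Evaluate starts before and ends after this hunk.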
diff --git a/provider/internal/java/dependency.go b/provider/internal/java/dependency.go
index 4deedfa2..b264f2df 100644
--- a/provider/internal/java/dependency.go
+++ b/provider/internal/java/dependency.go
@@ -405,18 +405,50 @@ func (p *javaServiceClient) parseDepString(dep, localRepoPath, pomPath string) (
} else {
return d, fmt.Errorf("unable to split dependency string %s", dep)
}
- d.Name = fmt.Sprintf("%s.%s", parts[0], parts[1])
+ group := parts[0]
+ artifact := parts[1]
+ d.Name = fmt.Sprintf("%s.%s", group, artifact)
+
+ fp := resolveDepFilepath(&d, p, group, artifact, localRepoPath)
+
+ d.Labels = addDepLabels(p.depToLabels, d.Name)
+ d.FileURIPrefix = fmt.Sprintf("file://%v", filepath.Dir(fp))
+
+ d.Extras = map[string]interface{}{
+ groupIdKey: group,
+ artifactIdKey: artifact,
+ pomPathKey: pomPath,
+ }
+
+ return d, nil
+}
+
+// resolveDepFilepath tries to extract a valid filepath for the dependency with either JAR or POM packaging
+func resolveDepFilepath(d *provider.Dep, p *javaServiceClient, group string, artifact string, localRepoPath string) string {
+ groupPath := strings.Replace(group, ".", "/", -1)
+
+ // Try jar packaging
var fp string
if d.Classifier == "" {
- fp = filepath.Join(localRepoPath, strings.Replace(parts[0], ".", "/", -1), parts[1], d.Version, fmt.Sprintf("%v-%v.jar.sha1", parts[1], d.Version))
+ fp = filepath.Join(localRepoPath, groupPath, artifact, d.Version, fmt.Sprintf("%v-%v.%v.sha1", artifact, d.Version, "jar"))
} else {
- fp = filepath.Join(localRepoPath, strings.Replace(parts[0], ".", "/", -1), parts[1], d.Version, fmt.Sprintf("%v-%v-%v.jar.sha1", parts[1], d.Version, d.Classifier))
+ fp = filepath.Join(localRepoPath, groupPath, artifact, d.Version, fmt.Sprintf("%v-%v-%v.%v.sha1", artifact, d.Version, d.Classifier, "jar"))
}
b, err := os.ReadFile(fp)
+ if err != nil {
+ // Try pom packaging (see https://www.baeldung.com/maven-packaging-types#4-pom)
+ if d.Classifier == "" {
+ fp = filepath.Join(localRepoPath, groupPath, artifact, d.Version, fmt.Sprintf("%v-%v.%v.sha1", artifact, d.Version, "pom"))
+ } else {
+ fp = filepath.Join(localRepoPath, groupPath, artifact, d.Version, fmt.Sprintf("%v-%v-%v.%v.sha1", artifact, d.Version, d.Classifier, "pom"))
+ }
+ b, err = os.ReadFile(fp)
+ }
+
if err != nil {
// Log the error and continue with the next dependency.
- p.log.V(5).Error(err, "error reading SHA hash file for dependency", "dep", d.Name)
+ p.log.V(5).Error(err, "error reading SHA hash file for dependency", "d", d.Name)
// Set some default or empty resolved identifier for the dependency.
d.ResolvedIdentifier = ""
} else {
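Review bot: artifact, d.Version and d.Classifier are joined under localRepoPath in the four `filepath.Join` lines without any check that each is a single path segment; they come from the parsed dependency string, which presumably originates from the analyzed project's build output, so a value containing `..` or a separator would make os.ReadFile probe outside the local repository and hand that file's contents to the sha parsing that follows (group is harmless here because the Replace on the line above turns every dot into a slash before the Join cleans it). A guard over those three values before the first Join, `if seg == ".." || strings.ContainsAny(seg, "/\\") { return "" }`, would close that off. Separately, the jar and pom attempts are four near-identical Join calls; a loop over the packaging types, as below, removes the duplication and turns the bare `"jar"`/`"pom"` passed through `%v` into the loop variable. The structured-log key on the Error line changed from `"dep"` to `"d"`; the longer key is the more searchable one and matches the field name used elsewhere in the message. parseDepString starts before this hunk and resolveDepFilepath continues past it.
```go
func resolveDepFilepath(d *provider.Dep, p *javaServiceClient, group string, artifact string, localRepoPath string) string {
	groupPath := strings.ReplaceAll(group, ".", "/")

	var (
		fp  string
		b   []byte
		err error
	)
	// The checksum sits next to the artifact; a dependency with pom packaging
	// has no jar, so probe both (see https://www.baeldung.com/maven-packaging-types#4-pom).
	for _, packaging := range []string{"jar", "pom"} {
		name := fmt.Sprintf("%v-%v.%v.sha1", artifact, d.Version, packaging)
		if d.Classifier != "" {
			name = fmt.Sprintf("%v-%v-%v.%v.sha1", artifact, d.Version, d.Classifier, packaging)
		}
		fp = filepath.Join(localRepoPath, groupPath, artifact, d.Version, name)
		if b, err = os.ReadFile(fp); err == nil {
			break
		}
	}
	// … unchanged: error logging, sha parsing, return fp …
```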
@@ -425,16 +457,7 @@ func (p *javaServiceClient) parseDepString(dep, localRepoPath, pomPath string) (
d.ResolvedIdentifier = sha
}
- d.Labels = addDepLabels(p.depToLabels, d.Name)
- d.FileURIPrefix = fmt.Sprintf("file://%v", filepath.Dir(fp))
-
- d.Extras = map[string]interface{}{
- groupIdKey: parts[0],
- artifactIdKey: parts[1],
- pomPathKey: pomPath,
- }
-
- return d, nil
+ return fp
}
func addDepLabels(depToLabels map[string]*depLabelItem, depName string) []string {
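Review bot: The new `return fp` hands back the last probed (pom) path even when both reads failed, and the caller in the first hunk derives `d.FileURIPrefix` from `filepath.Dir(fp)`, so a dependency with no checksum file gets a prefix pointing at a directory that may not exist. That is the same behaviour the old single-path code had, but now that it is a separate function the contract should be written down: extend the doc comment to `// resolveDepFilepath tries the jar and then the pom checksum path for the dependency and returns the last path probed, which may not exist; d.ResolvedIdentifier is set as a side effect.`. resolveDepFilepath's signature and the probing logic sit in the previous hunk.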
diff --git a/rule-example.yaml b/rule-example.yaml
index fa75f844..ee70586a 100644
--- a/rule-example.yaml
+++ b/rule-example.yaml
@@ -206,4 +206,15 @@
ruleID: python-sample-rule-003
when:
python.referenced:
- pattern: "create_custom_resource_definition"
\ No newline at end of file
+ pattern: "create_custom_resource_definition"
+- category: potential
+ description: "Test code snippets when match is a key of a XML node"
+ message: "The code snippet should point to in the beans.xml file"
+ ruleID: xml-test-key-match
+ when:
+ builtin.xml:
+ filepaths:
+ - beans.xml
+ namespaces:
+ b: http://xmlns.jcp.org/xml/ns/javaee
+ xpath: /b:beans